The AG has said that based on what evidence we’ve gathered so far we have sufficient cause to bring charges against individuals within and without the company, Tom Dresslar, spokesperson for Attorney General Bill Lockyer, told us.
He declined to comment on who could be charged, or on when it could happen. He said the AG had been looking into the incident since mid-August, well before it became public knowledge.
As the attorney general said, in terms of how high up it goes and how broad the culpability is depends on the facts – who knew what when, Dresslar said.
A small Boston-based company, Security Outsourcing Solutions Inc, is said to be one of the targets of Lockyer’s investigation. Lockyer’s office would not confirm SOS was involved.
The attorney general has confirmed he has contacted the Massachusetts attorney general for assistance regarding potential warrants or subpoenas, Dresslar said.
The charges would relate to several incidents in which people hired by HP pretended to be other people – HP’s directors, several journalists and their families — in order to view their telephone records online.
HP was trying to flush out the source of several leaks to reporters, in an investigation initiated by chairman Patricia Dunn, said to be angry that confidential board-level information was making it to the media.
The hacking evidently worked, with investigators uncovering HP director George Keyworth as the leaker. Keyworth resigned recently as a result of the bad press HP has been getting, and Dunn promised to step down as chairperson in January.
She still plans to keep her seat on the board, however, which is causing many commentators to say the moves do not go far enough.
What’s not yet known is who at HP knew that pretexting was being used to deceptively obtain phone records. The question of who knew, and why they thought it was acceptable corporate behavior has not yet come to light.
HP’s word on the subject, from a Securities and Exchange Commission filing, is that HP knew about pretexting since at least June 19, when former director Tom Perkins, who had quit in protest in May, was informed (by whom, it does not say) about the practice.
But HP’s hired help carried out its first known pretexting attack in January 2005, so it’s likely that somebody knew about it long ago.
The company makes reference to the investigation being launched by Dunn, and being handled by an internal group, a licensed outside firm specializing in investigations that in turn handed off the pretexting duties to another party.
HP was advised by outside counsel that pretexting was not generally unlawful except with regards to obtaining data from financial institutions.
However, Lockyer’s office is convinced a crime was committed. Dresslar referred to a few California laws that could cover this situation, and said that out-of-state perpetrators would still be liable.
As well as the California attorney general, the FBI, SEC, Federal Communications Commission and US House Energy and Commerce Committee are conducting investigations into the incidents.
